As with all online payment methods, there are a number of scenarios when a bad actor may cause a loss. With open banking, the scenarios are fewer and differ from card payments and other methods.
In our reading of the regulatory texts, we outline scenarios where we believe parties to the transaction will be liable for a loss. We strongly encourage you to seek your own independent legal counsel for your business as your particular scenarios might be different to those outlined here. Here's a guide to the potential liability in different scenarios:
- If the bank account holder's credentials are compromised and used to complete a payment, liability will be determined between the bank account holder and their bank, depending upon where the duty of care falls for the specific scenario.
- If the service provider (i.e. the customer of TrueLayer) enables a fraudulent payment, either due to an external attacker compromising their system, or internal fraud is perpetrated by an employee, the service provider is generally liable.
- If TrueLayer suffers a security breach or a TrueLayer employee commits fraud, TrueLayer is liable for the cost.
- If a bank's security is compromised or an employee of the bank commits fraud, then the bank is liable for the cost.